
8 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2012-5672

Malware in sbrugna...

CVSS 5.8 · AI score 6.4 · EPSS 0.00134
Exploits 1 · References 3

OSV
added 2023/09/30 3:15 a.m. · 3 views

CVE-2023-43708

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configurationtitle1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVSS 5.4 · AI score 6.2 · EPSS 0.00117
Exploits 1 · References 2

Positive Technologies
added 2023/09/29 12:0 a.m. · 2 views

PT-2023-28926 · Unknown · Oscommerce

Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified)
Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the configuration title1 parameter. This could potentially lead to unauthorized...

CVSS 5.4 · AI score 5.2 · EPSS 0.00117
Exploits 1 · References 9

NVD
added 2012/11/04 10:55 p.m. · 18 views

CVE-2012-5792

The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

CVSS 5.8 · AI score 6.5 · EPSS 0.00134
Exploits 1 · References 2

Prion
added 2012/11/04 10:55 p.m. · 11 views

Design/Logic Flaw

The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

CVSS 5.8 · AI score 7 · EPSS 0.00134
Exploits 1 · References 2

Cvelist
added 2012/11/04 10:0 p.m. · 22 views

CVE-2012-5792

The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

AI score 6.5 · EPSS 0.00134
Exploits 1 · References 2

CVE
added 2012/11/04 10:0 p.m. · 46 views

CVE-2012-5792

The CVE-2012-5792 entry affects the Sage Pay Direct module in osCommerce. The vulnerability arises because the module does not verify that the server hostname matches a domain name in the certificate’s CN or subjectAltName, enabling MITM attackers to spoof SSL servers using an arbitrary valid cer...

CVSS 5.8 · AI score 6.7 · EPSS 0.00134
Exploits 1 · References 2 · Affected Software 2

Drupal
added 2010/07/28 12:0 a.m. · 15 views

SA-CONTRIB-2010-077 - Sage Pay (former Protx) Direct Payment Gateway for Ubercart - Information Disclosure

The Sage Pay Direct Payment Gateway for Ubercart ucprotxvspdirect processes credit card transactions in Ubercart stores using the Sage Pay Direct service. The module may show remote 3-D Secure pages to the user in an iframe when their bank supports the Verified by Visa or MasterCard SecureCode...

AI score 6.6
Exploits 0 · References 6